OwnCloud Critical Vulnerability Exploited in the Wild

ownCloud was recently found to have a new vulnerability involving the exposure of sensitive information to an unauthorized third party. It was assigned CVE-2023-49103 with a severity rating of 10.0 (Critical).
ownCloud is a file server and collaboration platform that provides users with secure storage, sharing, and continuous file synchronization.
This vulnerability can allow a threat actor to gain access to sensitive information such as admin passwords, mail server credentials, and license keys without authorization.
GreyNoise has observed that threat actors are taking advantage of the vulnerability and exploiting it in the wild.
CVE-2023-49103: Exposure of Sensitive Information to Third Party
This vulnerability is due to the "graphapi" app, which uses a third-party library. That library ships a URL that, when accessed, displays the configuration details of the PHP environment via the phpinfo function.
The phpinfo output contains all the environment variables of the web server, which can include sensitive information such as admin passwords, mail server credentials, or license keys in containerized deployments.
ownCloud also reported that "disabling the 'graphapi' app does not eliminate this vulnerability." Moreover, the phpinfo output exposes a lot of other sensitive configuration information that a threat actor could use for reconnaissance. However, Docker containers from before February 2023 were confirmed not to be affected by this vulnerability.
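Because exploitation has been seen in the wild, a defender's first question is usually "has anyone requested that phpinfo test script against my server?". The following detection script is an added example, not code from the article or from ownCloud: it parses web-server access logs in combined log format and flags every request whose path references the GetPhpInfo.php file named above, marking a 200 response as a likely disclosure. The sample log lines are constructed for the demo, and the request paths assume the file is served from under the ownCloud web root at the same relative path as on disk.

```python
import re
from collections import Counter

# Constructed sample access-log lines (combined log format) for the demo; not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [28/Nov/2023:10:14:02 +0000] "GET /index.php/apps/files/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [28/Nov/2023:10:15:31 +0000] "GET /apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php HTTP/1.1" 200 71234 "-" "python-requests/2.31"
198.51.100.7 - - [28/Nov/2023:10:15:33 +0000] "GET /owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/getphpinfo.php HTTP/1.1" 404 512 "-" "python-requests/2.31"
203.0.113.10 - - [28/Nov/2023:10:16:00 +0000] "GET /status.php HTTP/1.1" 200 180 "-" "Mozilla/5.0"
"""

# Minimal combined-log-format parser: client IP, timestamp, method, path, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# File name of the vulnerable phpinfo test script from the advisory. It is matched
# case-insensitively anywhere in the request path so that different install prefixes
# (/owncloud/..., /apps/...) are still caught.
VULN_FILE = "getphpinfo.php"


def parse_line(line):
    """Return a dict of log fields, or None if the line does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def find_phpinfo_probes(log_text):
    """Return every request whose path references the graphapi phpinfo test file.

    'exposed' is True when the server answered 200, i.e. the phpinfo page was most
    likely served and the environment variables should be treated as disclosed.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if VULN_FILE in rec["path"].lower():
            hits.append({
                "ip": rec["ip"],
                "ts": rec["ts"],
                "path": rec["path"],
                "status": rec["status"],
                "exposed": rec["status"] == 200,
            })
    return hits


def probes_by_source(hits):
    """Count probing requests per client IP, useful for blocking or triage."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    events = find_phpinfo_probes(SAMPLE_LOG)
    for e in events:
        flag = "EXPOSED" if e["exposed"] else "blocked/missing"
        print(f'{e["ts"]} {e["ip"]} {e["status"]} {flag} {e["path"]}')
    print("per-source counts:", dict(probes_by_source(events)))
```

A 200 hit means the credential rotation listed under the mitigation section is no longer optional for that host; a 404 still shows which sources are scanning for the issue. Run it against a real log with `find_phpinfo_probes(open("access.log").read())`.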
Affected Products & Mitigation
"graphapi" versions 0.2.0 – 0.3.0 were confirmed to be affected by this vulnerability. As part of mitigation, the steps below were recommended.
- Deleting the owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php file
- Disabling the phpinfo function in Docker containers
- Changing the ownCloud admin password
- Changing mail server credentials
- Changing database credentials, and
- Changing object-store/S3 access keys
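The first two mitigation steps are mechanical and easy to verify, so here is an added audit script (not code from the article or from ownCloud) that checks an install for the three conditions that matter: whether the graphapi version falls in the affected 0.2.0 – 0.3.0 range, whether the GetPhpInfo.php test file is still present, and whether phpinfo has been disabled through the `disable_functions` directive in php.ini. It can also delete the file. Assumptions: the app version is read from the standard ownCloud app metadata file `apps/graphapi/appinfo/info.xml`, the php.ini path is supplied by the caller, and the `run_demo` fixture is a constructed fake install used only so the script runs stand-alone.

```python
import re
import tempfile
from pathlib import Path

# Path of the vulnerable test script (relative to the ownCloud install root), from the advisory.
VULN_REL_PATH = Path("apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php")
# graphapi versions the advisory lists as affected (inclusive range).
AFFECTED_MIN, AFFECTED_MAX = (0, 2, 0), (0, 3, 0)
# Assumption: the app's version is read from the standard ownCloud app metadata file.
APP_INFO_REL_PATH = Path("apps/graphapi/appinfo/info.xml")


def version_tuple(version):
    """Turn '0.2.0' (or '0.3.0-rc1') into a comparable tuple of integers."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def is_affected_version(version):
    return AFFECTED_MIN <= version_tuple(version) <= AFFECTED_MAX


def graphapi_version(root):
    """Read <version> from the graphapi app's info.xml, or None if the app is absent."""
    info = Path(root) / APP_INFO_REL_PATH
    if not info.exists():
        return None
    m = re.search(r"<version>\s*([^<\s]+)\s*</version>", info.read_text())
    return m.group(1) if m else None


def phpinfo_disabled(php_ini):
    """True when php.ini's disable_functions directive lists phpinfo."""
    php_ini = Path(php_ini)
    if not php_ini.exists():
        return False
    for line in php_ini.read_text().splitlines():
        stripped = line.strip()
        if stripped.startswith(";") or not stripped.startswith("disable_functions"):
            continue  # skip comments and unrelated directives
        _, _, value = stripped.partition("=")
        if "phpinfo" in {f.strip().lower() for f in value.split(",")}:
            return True
    return False


def audit(root, php_ini=None, remove=False):
    """Check an install for the CVE-2023-49103 conditions; optionally delete the test file."""
    root = Path(root)
    target = root / VULN_REL_PATH
    version = graphapi_version(root)
    findings = {
        "graphapi_version": version,
        "affected_version": version is not None and is_affected_version(version),
        "vulnerable_file_present": target.exists(),
        "phpinfo_disabled": phpinfo_disabled(php_ini) if php_ini else False,
        "vulnerable_file_removed": False,
    }
    if remove and target.exists():
        target.unlink()
        findings["vulnerable_file_present"] = False
        findings["vulnerable_file_removed"] = True
    return findings


def run_demo():
    """Constructed fixture: a fake install with graphapi 0.2.0 and the test file in place."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / VULN_REL_PATH).parent.mkdir(parents=True)
        (root / VULN_REL_PATH).write_text("<?php phpinfo(); ?>\n")
        (root / APP_INFO_REL_PATH).parent.mkdir(parents=True)
        (root / APP_INFO_REL_PATH).write_text(
            "<info><id>graphapi</id><version>0.2.0</version></info>\n"
        )
        php_ini = root / "php.ini"
        php_ini.write_text("; hardened\ndisable_functions = exec,passthru,phpinfo\n")
        before = audit(root, php_ini)
        after = audit(root, php_ini, remove=True)
        return before, after


if __name__ == "__main__":
    before, after = run_demo()
    print("before:", before)
    print("after: ", after)
```

On a real host, call `audit("/var/www/owncloud", "/etc/php/8.1/fpm/php.ini", remove=True)` with paths adjusted to the deployment. Deleting the file and disabling phpinfo close the disclosure path, but they do not undo what may already have been read, which is why the credential and key rotation steps above still apply.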
Users of ownCloud are advised to take these precautionary measures in order to prevent sensitive information from being exposed to unauthorized threat actors.
Source credit: cybersecuritynews.com